Researchers test resilience of P2P botnets
Posted on 12 June 2013.
Following increased efforts by a number of companies and organizations, takedowns of botnet C&C servers are now a regular occurrence, and cybercriminals have reacted by decentralizing the communication between bots and their controllers.


They mostly opted for Peer-to-Peer (P2P) communication infrastructures, which make their botnets harder to disrupt. Disruption is still possible, though, and a group of researchers from the Institute for Internet Security in Germany, VU University of Amsterdam, and the companies Dell SecureWorks and Crowdstrike set out to systematically test how resilient real P2P botnets are to such attacks.

While acknowledging that estimating a P2P botnet's size is difficult and that there was previously no systematic way to analyze resilience against takedown attempts, they applied their methods to real-world P2P botnets and produced solid measurements.

They used two techniques, crawling and sensor injection, to estimate the size of the botnets, and found that some botnets number over a million bots and that sensor injection gives the more accurate figure: a crawler can only reach bots that accept inbound connections, whereas bots behind NAT or firewalls still contact an injected sensor and so get counted.

With their disruption attacks - sinkholing and partitioning - they discovered that, among other things:
  • The Sality P2P botnet uses a peer reputation scheme which significantly complicates attacks
  • The Zeus P2P botnet uses automatic blacklisting of sinkholing servers that communicate too aggressively
  • Several P2P botnets are able to repel initially successful attacks against their P2P layers over the long term through the use of backup C&C channels.
The other botnets attacked were Kelihos, ZeroAccess, Nugache, Storm and Miner, and the researchers also investigated to what extent all of these botnets are susceptible to attacks on the bots themselves, such as command injection, rather than on their infrastructure.
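To make the two enumeration methods and the sinkholing attack concrete, here is a small simulation added to this article; it is not code from the paper or from any botnet. It models a toy overlay in which bots 0 to 39 accept inbound connections and bots 40 to 99 sit behind NAT (constructed numbers), each bot keeps a peer list of eight entries (an assumption), and a node we control is injected into the routable bots' lists. A crawler can only ever count the routable bots, because nothing behind NAT ever appears in a peer list; the injected sensor is eventually contacted by every bot, NAT or not; and when the same node answers peer-list requests with nothing but sinkhole entries, the lists fill up and the bots are cut off from the real overlay. The toy has no reputation scheme and no blacklisting of aggressive peers, which is exactly the kind of defence that makes Sality and Zeus hard to sinkhole.

```python
"""Toy P2P botnet overlay: crawling vs. sensor injection for enumeration,
and sinkholing by peer-list poisoning. Constructed example for illustration;
it is not code from the paper or from any real botnet."""
import random
from collections import deque

LIST_SIZE = 8                                      # entries per peer list (assumption)
SENSOR = -1                                        # id of our injected node
SINKHOLES = [-(i + 1) for i in range(LIST_SIZE)]   # LIST_SIZE distinct sinkhole endpoints


def build_overlay(n_routable, n_nat, seed=7):
    """Return {pid: {"routable": bool, "peers": [pid, ...]}}.

    Bots 0..n_routable-1 accept inbound connections. The rest sit behind NAT,
    so nobody can reach them and they never appear in any peer list: initial
    lists, and therefore every reply, contain routable ids only.
    """
    rng = random.Random(seed)
    routable = list(range(n_routable))
    bots = {}
    for pid in range(n_routable + n_nat):
        candidates = [r for r in routable if r != pid]
        bots[pid] = {"routable": pid < n_routable,
                     "peers": rng.sample(candidates, LIST_SIZE)}
    return bots


def crawl(bots, start=0):
    """Enumerate by recursively asking every reachable bot for its peer list.
    Bots behind NAT are never listed, so the crawl can never count them."""
    seen, queue = {start}, deque([start])
    while queue:
        pid = queue.popleft()
        if not bots[pid]["routable"]:
            continue                       # connection fails: bot is behind NAT
        for nxt in bots[pid]["peers"]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def gossip(bots, rounds, sinkhole=False, seed=11):
    """Inject our node into the routable bots found by crawling, then simulate
    peer-list exchange. Each round every bot contacts one random entry and
    rebuilds its list as "reply entries first, then old entries", truncated to
    LIST_SIZE. Returns (ids that contacted us, ids left with only sinkhole
    entries).

    sinkhole=False: passive sensor; replies with an empty list and just logs.
    sinkhole=True:  replies with LIST_SIZE distinct sinkhole entries, which
                    fills the caller's whole list (peer-list poisoning).
    """
    rng = random.Random(seed)
    known_routable = sorted(crawl(bots))   # crawl only ever yields routable ids
    callers = set()
    for _ in range(rounds):
        # Re-announce ourselves to every routable bot we know: lists churn,
        # so a one-off injection would soon be evicted.
        for pid in known_routable:
            if SENSOR not in bots[pid]["peers"]:
                bots[pid]["peers"] = [SENSOR] + bots[pid]["peers"][:LIST_SIZE - 1]
        for pid, bot in bots.items():
            target = rng.choice(bot["peers"])
            if target < 0:                           # sensor or sinkhole entry
                callers.add(pid)
                reply = SINKHOLES if sinkhole else []
            else:
                reply = bots[target]["peers"]        # targets are always routable
            merged = []
            for entry in reply + bot["peers"]:
                if entry != pid and entry not in merged:
                    merged.append(entry)
            bot["peers"] = merged[:LIST_SIZE]
    isolated = {pid for pid, b in bots.items() if all(e < 0 for e in b["peers"])}
    return callers, isolated


def demo(n_routable=40, n_nat=60, rounds=200):
    """Compare the three measurements on fresh copies of the same overlay."""
    crawled = crawl(build_overlay(n_routable, n_nat))
    sensed, _ = gossip(build_overlay(n_routable, n_nat), rounds)
    _, isolated = gossip(build_overlay(n_routable, n_nat), rounds, sinkhole=True)
    return {"total": n_routable + n_nat, "crawled": len(crawled),
            "sensed": len(sensed), "isolated": len(isolated),
            "nat_in_crawl": sum(p >= n_routable for p in crawled)}


if __name__ == "__main__":
    print(demo())
```

Running it shows the crawl stuck at the 40 routable bots (never a single NAT id), the sensor logging all 100, and the sinkhole leaving all 100 with lists that point only at us. Note what the re-announcement loop is doing: our node has to keep pushing itself into peer lists because ordinary gossip keeps overwriting them, and a bot that tracks how aggressively a peer announces itself (as the article says Zeus does) can blacklist exactly that behaviour.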

"Our evaluation has shown weaknesses which could be used to disrupt the Kelihos and ZeroAccess botnets. However, we have also shown that the Zeus and Sality botnets are highly resilient to sinkholing attacks, the currently most used class of disruptive attacks against P2P botnets," they concluded. "We believe our findings demonstrate that research on alternative P2P botnet mitigation methods is urgently needed."

The research paper is a great read, and can be downloaded here.
Copyright 1998-2014 by Help Net Security.